ragg2
Radare2 Frontend for r_egg; Compiles Programs into Tiny Binaries for x86 and ARM Architectures
- Provided by: radare2 (Version: 6.0.7+ds-1)
- Report a bug
SYNOPSIS
ragg2 |
[-FOLsrxhvz] [-a
arch] [-b
bits] [-k
os] [-o
file] [-i
sc] [-I
path] [-E
enc] [-B
hex] [-c
k=v] [-C
file] [-p
pad] [-q
off] [-S
string] [-f
fmt] [-nN
dword] [-dDw
off:hex] [-e
expr] |
DESCRIPTION
Frontend for r_egg, compiling assembly programs into minimal binaries for x86-32, x86-64, and ARM architectures.
Built on top of r_asm and r_bin, it provides a library for generating small standalone binaries across supported platforms.
Programs generated by r_egg are relocatable and can be injected in a running process or on-disk binary file.
ragg2 can generate shellcodes from C code. The final code can be linked with rabin2 and it is relocatable, so it can be used to inject it on any remote process.
OPTIONS
-aarch- Select architecture (x86, mips, arm)
-bbits- Register size (32, 64, ..)
-Bhexpairs- Append some hexpair bytes
-ck=v- Set configuration options
-Cfile- Append contents of file
-doff:dword- Patch dword (4 bytes) at given offset
-Doff:qword- Patch qword (8 bytes) at given offset
-eegg-expr- Take egg program from string instead of file
-Eencoder- Use specific encoder. See -L
-fformat- Output format (raw, c, pe, elf, mach0, python, javascript)
-F- Output native format (osx=mach0, linux=elf, ..)
-h- Show usage help message
-Hvar- Display variable
-ishellcode- Include shellcode plugin, uses options. See -L
-Ipath- Add include path
-kos- Operating system's kernel (linux,bsd,osx,w32)
-L- List all plugins (shellcodes and encoders)
-ndword- Append 32bit number (4 bytes)
-Ndword- Append 64bit number (8 bytes)
-ofile- Output file
-O- Use default output file (filename without extension or a.out)
-ppadding- Add padding after compilation (padding=n10s32) ntas : begin nop, trap, 'a', sequence NTAS : same as above, but at the end
-Psize- Prepend debruijn pattern
-qfragment- Debruijn pattern offset
-r- Show raw bytes instead of hexpairs
-s- Show assembler
-Sstring- Append a string
-v- Show version information
-woff:hex- Patch hexpairs at given offset
-x- Execute
-Xhexpairs- Execute rop chain, using the stack provided
-z- Output in C string syntax
ENVIRONMENT
R2_NOPLUGINS- Do not load any plugin
EXAMPLES
Using r_egg language:
$ cat hi.r
/* hello world in r_egg */
write@syscall(4); //x64 write@syscall(1);
exit@syscall(1); //x64 exit@syscall(60);
main@global(128) {
.var0 = "hi!\n";
write(1,.var0, 4);
exit(0);
}
$ ragg2 -O -F hi.r
$ ./hi
hi!
Using C language:
$ cat hi.c
main() {
write(1, "Hello\n", 6);
exit(0);
}
$ ragg2 -O -F hi.c
$ ./hi
Hello
Tiny binary output:
$ wc -c < hi
165
Compiled shellcode with zeroes:
$ ragg2 hi.c | tail -1
eb0748656c6c6f0a00bf01000000488d35edffffffba06000000b8010
000000f0531ffb83c0000000f0531c0c3
Using XOR encoder with key 64:
$ ragg2 -e xor -c key=64 -B $(ragg2 hi.c | tail -1)
6a2d596a405be8ffffffffc15e4883c60d301e48ffc6e2f9ab4708252
c2c2f4a40ff4140404008cd75adbfbfbffa46404040f8414040404f45
71bff87c4040404f45718083
SEE ALSO
AUTHORS
Written by pancake <pancake@nopcode.org>.